Last week, multiple users reported that two Snap packages from the Snap Store (named 2048buntu and Hextris) they mined cryptocurrencies in secondary processes without the users knowing. Of course, Canonical removed these applications immediately.
Today, the company responsible for Ubuntu has spoken about its position on the subject mentioning that there are no rules against mining cryptocurrencies through Snaps as long as the developer informs users through this.
Canonical also mentioned that mining cryptocurrencies is not illegal or unethical, so the only “not allowed” thing that Nicolas Tomb (creator of the two deleted apps) did was not to warn users.
In turn, Nicolas informed Canonical that his goal was to "Monetize software released under licenses that allow it."
Canonical promises to improve the security of its Snap Store
In the same publication, Canonical also explained that it does not have the ability to review the hundreds of applications that are published in its store every day, taking this into account, it is recommended to only install applications from known sources and developers.
With that in mind, the company promises to strengthen the security of its Snap Store by implementing the ability to mark specific developers as verified, helping users decide whether or not to install an application.
Right now the Snap Store stores more than 3,000 packages divided between open source applications and closed source applications.
Thanks to its design, the Snap format is very safe since it is an application enclosed within an environment (sandbox) such as Flatpak or AppImage. Anyway, Snaps are not only running Ubuntu, they also run on many other distributions such as Arch Linux, Solus, OpenSuSE, Fedora, Debian GNU / Linux, Gentoo Linux, Linux Mint and OpenWrt, so it will be difficult to manage your installation on all without the help of users.